PT-2008-5214 · Ultra · Ultra Office Control

Shinnai · Published 2008-09-02 · Updated 2024-02-14 · CVE-2008-3879

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Ultra Office Control version 2.0.2008.801 and earlier

Description

The issue allows remote attackers to force the download of arbitrary files onto a client system. This is achieved by using a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument (SaveAsDocument argument) to the Save method.

Recommendations

For Ultra Office Control version 2.0.2008.801 and earlier, consider disabling the Open and Save methods until a patch is available to prevent the forced download of arbitrary files. Restrict access to the Ultra.OfficeControl ActiveX control to minimize the risk of exploitation.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2008-3879

Affected Products

Ultra Office Control